I have a CentOS3 server running BIND 9.4.2 acting as an authorities name
server for a domain. It was also performing recursive lookups for other
machines in the same subnet, but this is no longer desirable as I was
informed that external machines can still use its name cache even if
they're not on the allow-recursion ACL (they just can't initiate new
name lookups) so long as recursive lookups are allowed for more machines
than none, and as this machine is not exactly a resource beast I would
rather disable recursive lookups.

Problem is, once all this is done I then remove 0.0.0.0 from the
resolv.conf file and now when the BIND daemon starts rather than being
almost instant it can sit from 5-15 minutes before firing up.

Should I be settings allow-recursion { none; }; and then leaving 0.0.0.0
in the resolv.conf file? If so, why does BIND require this for a speedy
start-up? As the machine never needs to resolve names within its own
domain, I'd like it to bypass itself.

Paul ****er




TNT Post is the trading name for TNT Post UK Ltd (company number: 04417047), TNT Post (Doordrop Media) Ltd (00613278), TNT Post Scotland Ltd (05695897),TNT Post North Ltd (05701709) and TNT Post South West Ltd (05983401). Emma's Diary and Lifecycle are trading names for Lifecycle Marketing (Mother and Baby) Ltd (02556692). All companies are registered in England and Wales; registered address: 1 Globeside Business Park, Fieldhouse Lane, Marlow, Buckinghamshire, SL7 1HY.